How to Set Up Unattended Upgrades on Debian Stretch

Debian is a volunteer project that has developed and maintained a GNU/Linux operating system for well over a decade. Since its launch, the Debian project has grown to comprise more than 1,000 members with official developer status, alongside many more volunteers and contributors. Today, Debian encompasses over 50,000 packages of free, open source applications and documentation. The popular distribution Ubuntu builds on the Debian architecture and infrastructure and collaborates widely with Debian developers, but there are important differences. Ubuntu has a distinctive user interface, a separate developer community (though many developers participate in both projects) and a different release process.

If you decide to use a Debian server for your project (good idea – it’s secure, robust and fast), then you should always have the latest security patches and updates, whether you’re asleep or not. This is actually pretty easy to do. Here’s how.

First, make sure the system is fully up to date. Use the su command to switch to the root user, then run:

apt-get update && apt-get dist-upgrade

Run this command to install the “unattended-upgrades” package, along with a package to identify the changes:

apt-get install unattended-upgrades apt-listchanges

Once that is installed, edit the unattended-upgrades configuration:

nano /etc/apt/apt.conf.d/50unattended-upgrades

Empty the file, paste in the following, then replace the items marked with ** **. Remember to remove the asterisks.

// APT::Periodic values are intervals in days ("1" = daily, "7" = weekly)
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

Unattended-Upgrade::Mail "**YOUR_EMAIL_HERE**";

// Automatically upgrade packages from these
Unattended-Upgrade::Origins-Pattern {
    "o=Debian,a=stable";
    "o=Debian,a=stable-updates";
    "o=Debian,a=proposed-updates";
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
};

// You can specify your own packages to NOT automatically upgrade here
Unattended-Upgrade::Package-Blacklist {
    // "vim";
    // "libc6";
    // "libc6-dev";
    // "libc6-i686";
};

Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Automatic-Reboot "false";

Note: You can set Automatic-Reboot to true if you want your server to reboot when it’s necessary.
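
Because a leftover placeholder or a commented-out security origin fails silently, it is worth linting the file once it is saved. The script below is an added example, not part of the original tutorial; the function names (check_uu_conf, active_lines, sample_conf) and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a 50unattended-upgrades file built from the template.
# check_uu_conf, active_lines and sample_conf are hypothetical helper names.

# Print the file without // comment lines, so disabled settings are ignored.
active_lines() { grep -v '^[[:space:]]*//' "$1"; }

# Print one line per finding; the return status is the number of problems.
check_uu_conf() {
    conf=$1; problems=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 1; }
    # 1. The ** ** template markers must have been replaced.
    if active_lines "$conf" | grep -q '\*\*'; then
        echo "FAIL placeholder ** still present"; problems=$((problems + 1))
    fi
    # 2. Both periodic switches must be non-zero or nothing runs unattended.
    for key in Update-Package-Lists Unattended-Upgrade; do
        if ! active_lines "$conf" |
            grep -Eq "APT::Periodic::${key}[[:space:]]*\"[1-9][0-9]*\";"; then
            echo "FAIL APT::Periodic::${key} missing or 0"; problems=$((problems + 1))
        fi
    done
    # 3. The security archive must be one of the allowed origins.
    if ! active_lines "$conf" | grep -q 'label=Debian-Security'; then
        echo "FAIL no Debian-Security origin"; problems=$((problems + 1))
    fi
    # 4. Not an error, but reboots affect availability, so surface it.
    if active_lines "$conf" | grep -Eq 'Automatic-Reboot[[:space:]]*"true";'; then
        echo "NOTE Automatic-Reboot is enabled"
    fi
    if [ "$problems" -eq 0 ]; then echo "OK $conf"; fi
    return "$problems"
}

# Constructed sample: the template with the placeholder left in and the
# security origin commented out, i.e. two problems.
sample_conf() {
    cat <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Mail "**YOUR_EMAIL_HERE**";
Unattended-Upgrade::Origins-Pattern {
    "o=Debian,a=stable";
//  "origin=Debian,codename=${distro_codename},label=Debian-Security";
};
Unattended-Upgrade::Automatic-Reboot "false";
EOF
}
```

On the server itself, call check_uu_conf /etc/apt/apt.conf.d/50unattended-upgrades, then run unattended-upgrade --dry-run --debug to see which packages the configured origins would actually select.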

Install “apticron” to manage automatic execution of APT updates:

apt -y install apticron

Open /etc/apticron/apticron.conf and set the EMAIL variable to your email address, so you can receive the list of changes.